still 400 response code, but so weird this time

Maxim Dounin mdounin at
Thu Aug 1 09:37:24 UTC 2013


On Thu, Aug 01, 2013 at 03:10:30AM -0400, microwish wrote:

> In access_log file, huge numbers of log entries like this:
> 1764839163 - 0.242 [01/Aug/2013:11:02:01 +0800] ""
> "-" 400 0 "-" "-" "-"
> log_format defined in http conf block:
> '$remote_addr $connection $remote_user $request_time [$time_local]
> "$hostname" "$request" $status $body_bytes_sent "$http_referer"
> "$http_cookie" "$http_user_agent"'
> Points I realized:
> 1) Cannot catch $request, which is full original request line according to
> Nginx documentation. So can it tell at which phrase the connection was
> dropped?
> 2) $body_bytes_sent is zero. So no HTTP response body was generated.
> 3) $http_refer, $http_cookie and $http_user_agent cannot be caught. So does
> this indicate any issue?
> p.s. this might be caused by HTTPS/SSL connections from mobile client, but
> I'm not sure.

Such lines in access log are caused by opening and closing a 
connection without sending any data in it.  Usually this happens 
due to browser optimizations (e.g., Chrome opens an additional 
connection "just in case"), but might appear due to various other 
reasons as well (e.g. if browser rejects your SSL cert).

As of nginx 1.3.15+ such connections are no longer logged to 
access log, see

Maxim Dounin

More information about the nginx mailing list